Weekend PSA: Keep your computer safe from harm

A few simple tips to help you keep your PC or Mac protected from ne'er-do-wells.

Yesterday was National Computer Security Day, and while you've surely heard the oft-repeated lines about how important it is to take the necessary precautions toward ensuring your computer is safe, we’re hoping you take those lines seriously. In 2011, about 403 million unique variants of malware were exposed and 55,294 malicious Web domains were active, according to Symantec’s annual review. A report from Secunia also showed that most vulnerabilities are resilient and that despite the fact that their numbers are decreasing, none of the top 20 producers of software—commercial or open source—managed to do quite enough to help keep that number negligible.

In 2011, the company identified “…more than 800 end-point vulnerabilities, of which more than 50% were rated as highly or extremely critical and 78% of all vulnerabilities affected non-Microsoft programs,” said Morten R. Stengaard, Director of Product Management and Quality Assurance at Secunia, in an e-mail to Ars. The most targeted data is personal information and business-centric data, which has also been found to be the least protected, and the hardest to secure and defend.

So, taking that extra step to make sure your computer is protected is worth it, and as the saying goes, it’s better to be safe than sorry. Here are a few quick tips for getting your computer security squared away this weekend.

Keep your computer consistently updated

For both Windows and OS X machines, be sure to update them regularly to get the latest patches and fixes for your operating system of choice. As a blog post on Secunia's site notes, “Software programs that aren't updated are one of the most commonly used methods by criminals to take control of private PCs. It is incredibly important to keep the programs updated.” You can set your computer to perform automatic updates so that you don’t have to worry about doing them regularly. In OS X, head to System Preferences and select Software Update and ensure that your Mac is automatically checking for updates.

Enlarge/ Software updates in OS X can be found in the System Preferences.

For Windows users, go into the Control Panel and navigate to the System and Security tab. Click on Action center, and make sure Windows Update is set to “On.” If it’s not, you can change it under the “Change Action Center Settings” option in the left-hand sidebar. While you’re here, ensure that Virus protection, and everything else under that, is also ticked.

Enlarge/ You can make sure you're properly protected inside the Control Panel.

In a phone call with Ars, Randy Abrams, Research Director at NSS Labs, Inc., suggested that users actually go out and manually validate that their operating system is up to date. On the Mac, you can do so by selecting Software Update from the Apple Menu in the upper left-hand side of the screen. For Windows users, you can select Windows Update from the Start menu or from the Control Panel. "One of the things malware does is it’ll get in and disable automatic update,” cautioned Abrams. “If you don’t manually validate it you’re not going to know that you've got the problem.”

Consider a third-party virus scanner or security app

If Microsoft Security Essentials feels like it won't be enough for you, consider applications from vendors like Sophos and Eset. Mac users, you can also check out those vendors, or take a gander at Intego. Abrams also recommends looking at reports from companies like his own NSS Labs, as well as AV-Comparative and Virus Bulletin, which all which all publish a variety of reading material on malware, security, and phishing scams, as well as white papers on anti-virus software. He suggests that users get a feel for what some of the major security products are, what they like, and what they’re comfortable using.

Also, be sure to have a backup plan in case something does go awry. In OS X, a Time Machine backup should do the trick. It will restore your system in case of emergency, and you can encrypt it with FileVault. Mac users should also consider creating a backup Admin account in case they don’t have access to their primary one, which they can do so from the Accounts menu under System Preferences.

Know when you're being phished

Abrams offers two simple rules to follow that will help eliminate a good chunk of phishing attacks. First, he suggested that if you get an email or instant message asking for your password, do not respond. Second, if you click on a link and it asks you log in, it's better to close that URL immediately. If you get an email from Facebook alerting you that a friend left a comment, navigate to Facebook.com yourself and log in from there to find the notification, rather than clicking through.

Use a password management tool

Abrams highly recommended using a password management program like LastPass or 1Password to ensure that the master password is extremely good. That means it needs to be long and contain a few numbers or symbols. “The length is actually more important than the characters,” he added. Abrams also mentioned that choosing common sentences and Bible verses will probably get “hashed” or figured out. As a rule of thumb, you should also avoid using names, words, or anything found in book that could be easily guessed. As for security challenge answers, he suggested that users make them up, rather than give the actual answer to the question. Just make sure to write it down somewhere.

Keep your laptop tied down

Computer security also means ensuring that your hardware stays within arm's reach. If your laptop model supports it, you can invest in a laptop lock that snaps on to the hardware and loops around a table leg or any other piece of furniture that is immovable. Laptop locks work for any sort of public environment, including cubicles, libraries, coffee shops, or dorm rooms.

This is great and useful information for all of us. Keep your computer updated, run a virus scanner, watch out for phishing, lock your laptop. This is what makes Ars great, coming here and getting really useful information that wasn't obvious 10 years ago.

This is great and useful information for all of us. Keep your computer updated, run a virus scanner, watch out for phishing, lock your laptop. This is what makes Ars great, coming here and getting really useful information that wasn't obvious 10 years ago.

So, I'm wondering if Ars will do an article for "National Don't Be a Whiny Douche Day."

One of the best tips to give to newbs avoiding phishing sites is to tell them to read entire URLs and memorize sites' top level domains from right to left. Especially in browsers that hide the initial http://. Watch this, read this URL.

However, if you remember this site as /com.arstechnica.stories.security instead of security.stories.arstechnica.com/, you'll immediately see that the link is cn.com.arstechnica.stories.security - the first thing you'll read will be the part of the TLD that's indicative of a scam.

This is great and useful information for all of us. Keep your computer updated, run a virus scanner, watch out for phishing, lock your laptop. This is what makes Ars great, coming here and getting really useful information that wasn't obvious 10 years ago.

This article (and Florence Ion's presence) is the Conde Nast effect. One look at the sister sites at the bottom of the page should clarify where this site is heading.

Windows and other OS users should encrypt with Truecrypt or something else. Not necessarily to protect from the government but from common criminals. I was broken into, luckily they took the laptop, TV and PS3 all of which had no sensitive personal info on it. The desktop was left alone - which had the important files. After filing a police and insurance report my 1st task was encrypting that drive.

For Windows users who want better security against 0-day exploits, I highly recommend installing EMET. Being able to add memory mitigation techniques to applications that don't (by default) use them is a huge boon to security.

If you want to go even farther, you can look into setting up App-Locker under the local group policy (or Software Restriction Policy for Pre-Vista). I honestly kind of expected to see this kind of less well-known advice in the article as opposed to just "update and use AV software."

This is great and useful information for all of us. Keep your computer updated, run a virus scanner, watch out for phishing, lock your laptop. This is what makes Ars great, coming here and getting really useful information that wasn't obvious 10 years ago.

This article (and Florence Ion's presence) is the Conde Nast effect. One look at the sister sites at the bottom of the page should clarify where this site is heading.

It is kinda sad, but things must move on I suppose. It has been degenerating pretty rapidly recently, but somehow, this article seems like a whole new level.

I can't recall ever seeing Diceware brought up in an article on good passwords here at Ars. Why would you use that method now instead of the password generator features that are part of a password locker program?

So... are programs like Malwarebytes or Avast! no longer among the top tools for beating malware on Windows?

Or is it that they are free (in their basic, good enough for a general user but worth upgrading for the power users and professional settings way)?

FWIW, I have never used anything else on Windows 7, and I have had exactly one malware infection (and that one was due to my own stupidity and direct actions, rather than any failure of those programs). Is there really any reason for the average user to pay for anti-malware programs?

I can't vouch for the program, but running something like Sandboxie might be good for those of us paranoid (but willing to trust Sandboxie). It lets you run anything in a sandbox and intercepts file changes and downloads. I actually run without a regular virus scanner but I occasionally run a CD boot scanner to check if something gets through. So far the most dangerous stuff I've found is the "legitimate" software that installs umpteen services and startup programs. I also use a program to intercept startup changes, but mostly it's one-time cleanup stuff for updates and installs. If only process explorer directly replaced MS launchers like svchost with the actual items being launched, and tracked everything that was run, without being a huge pain. Then I could be paranoid and lazy, instead of half of each.

Of course, running with NoScript and ClickToFlash and Ghostery and ABP and TACO and a billion other plugins helps, if you can stand the work required to get some sites to load.

Also, aren't Kensington Locks more placebo than anything else? Bolt cutters, and not even good ones, can utterly defeat them.....Really.....

Like the joke goes, "I don't have to outrun the bear."

The goal is not to protect your laptop from the one thief who really wants your laptop. It's to encourage thieves steal any of the several nearby laptops that are just lying around.

I see your point, but I counter that most of the places I've seen these locks used were in corporate environments, rather than for personal use. And usually 'other laptops lying around' are also locked with the same type of lock. With crappy bolt cutters at a minimum.

Also, I absolutely love the order of magnitude (at least) better advice given in the comments of an 'Ars Technica' article. Seriously. One of the few times in the last year or so I've been utterly impressed by the discussion in an Ars article. While basically disregarding said article.

I can't vouch for the program, but running something like Sandboxie might be good for those of us paranoid (but willing to trust Sandboxie). It lets you run anything in a sandbox and intercepts file changes and downloads. I actually run without a regular virus scanner but I occasionally run a CD boot scanner to check if something gets through. So far the most dangerous stuff I've found is the "legitimate" software that installs umpteen services and startup programs. I also use a program to intercept startup changes, but mostly it's one-time cleanup stuff for updates and installs. If only process explorer directly replaced MS launchers like svchost with the actual items being launched, and tracked everything that was run, without being a huge pain. Then I could be paranoid and lazy, instead of half of each.

Of course, running with NoScript and ClickToFlash and Ghostery and ABP and TACO and a billion other plugins helps, if you can stand the work required to get some sites to load.

Ghostery is worthless if you install the Adversity and other such filter subscriptions into ABP+. And ClickToFlash is just as worthless now since the same functionality is built-in to Firefox (as well as Chrome for a while).

If you want a good security/privacy add-on that you didn't mention; look up Request Policy.

If you're running any Windows older than Win7 please upgrade to Win7 or newer. It is impossible to secure your system on anything older unless you disconnect from the Web. (I believe the article assumes you're running Win7 or newer.)Make sure no remote desktop stuff is enabled (Unless you're on a work computer network managed by a sysadmin). Do not use MSE exclusively. It's okay, but it is also always under attack for vulnerabilities, still being part of the most ubiquitous OS in the world. Configure MSE to scan (say weekly), use the browser (if you use IE latest version) in protected mode only (I know Chrome is better), then get an internet security package that you pay for...no free software (Really? Do I have to explain?). Do not purchase any of the stuff mentioned in the article for Windows (I can't speak for anything OSX). There are one or two really strong packages out there (talk to people who know this stuff). Set that package up for maximum security and to update as frequently as it allows (like hourly). Set it to scan daily (quickscan) with deeper scans on a monthly and bi-yearly basis and you will have pretty decent security. It should also scan all downloads and test them in a sandbox (Virtual Machine). The good security packages will do this.This all presumes you're using IE9 or newer, not Chrome or something safer than IE. Anything using IE should have a sandbox set up for the browser (Chrome builds its own sandbox and I assume other good browsers do as well.)Also, assuming you're using Win7 or newer, don't give permission for any actions (if the system asks for permission) until you've thought about what's asking or you know it's something you activated yourself. If it stops something you want to happen from happening (like an installation) you can always do it again and give permission. If it happens while you are browsing or downloading media, just say no. You can always go back and do it again. Better safe than sorry. Also disable popups and tracking unless you need them for a specific site. (It goes without saying to browse with Flash disabled unless you need it for a particular site. Also manually update Flash if you use it.)In case anyone thinks I'm a shill for Chrome, I'm not. I don't use it but I do sandbox my browser, always. You should, unless you're a pro. I have no illusions that this solves all potential risks, but for the common user it is good advice. Again, good security packages will do this for you.The final line of defense under Windows is the permissions box. Don't allow anything permission to change your computer unless you understand or recognise the program. Just say no. You can always do it again if it won't allow something you want.Also, generally, don't download software from the Web unless you know and trust the website. It's good advice to check the URL against known sources to prevent DNS scams. Use Google HTTPS to check for the proper URLs for sites. (I'm sure there are other ways.) Also NEVER update Flash or anything else from anywhere but their Official Site. (You can find this through the Control Panel/ Flash icon, if you're inexperienced.)I can't think of anything else right now but I'm sure there's more. This advice is redundant for many ARS users but is aimed at folks using Windows and IE (which are still in the majority). You still need a security package running (generally not the "popular" ones as the bad guys check their hacks against them). Also, as someone said, manually update Windows frequently to ensure you're getting all of the necessary updates. You don't need the optional updates unless they enable something you really want. Again, no remote desktop stuff enabled, please.

Edit: If you have anything sensitive on your laptop, the drive should be encripted and your password should be strong and AT LEAST 9 characters, preferably more. This applies to your desktop too. Do not use phrases. IF you need something you can remember, try an UNUSUAL friend's name from a foreign language and change some characters for symbols, numbers, plus caps, etc..(not Kaiser Souza or anything from a movie or media.) Make it a non-common name with substantial alterations. Do not use the same password for anything else. Also, it is generally bad to browse or run your system as the admin. unless you know what you're doing. If you are running third party, PAID FOR, security, (and you should with Windows) password protect it, as well, and never run as the admin. on it unless you need to make changes and then logout immediately after making said changes. This prevents a hack from changing your security settings remotely (And it can happen. I know from experience.).In general use different passwords for all sensitive stuff, like the Admin. password, banking sites, security package, etc.., and at least 9 characters.

Also, no knock on Florence intended, but articles about computer and internet security should be written by one of the computer IT folks at ARS or someone with a strong CompSci. or related background. They'll have a better BS detector in place for this stuff. Completely securing Windows still requires some intelligent user actions and principles, though it appears to be possible now, at least.

That means it needs to be long and contain a few numbers or symbols. “The length is actually more important than the characters,” he added. Abrams also mentioned that choosing common sentences and Bible verses will probably get “hashed” or figured out. As a rule of thumb, you should also avoid using names, words, or anything found in book that could be easily guessed.

One of my favorite Windows tools is using a hosts file that reroutes rogue websites to 127.0.0.1.

Don't know that I would call this a tool in and of itself, certainly a method.Spybot S&D will actively add malware sites to your hosts as it finds them. I don't run it myself, but for many this is a viable solution.

Maxipad wrote:

Edit: If you have anything sensitive on your laptop, the drive should be encripted and your password should be strong and AT LEAST 9 characters, preferably more. This applies to your desktop too. Do not use phrases. If you need something you can remember, try a friend's name from a foreign language and change some characters for symbols, numbers, plus caps, etc..(not Kaiser Souza or anything from a movie or media.) Make it a non-common name with substantial alterations. Do not use the same password for anything else. Also, it is generally bad to browse or run your system as the admin. unless you know what you're doing. If you are running third party, PAID FOR, security, (and you should with Windows) never run as the admin. on it unless you need to make changes and then logout immediately after making said changes. This prevents a hack from changing your security settings remotely (And it can happen. I know from experience.).In general use different passwords for all sensitive stuff, like the Admin. password, banking sites, security package, etc.., and at least 9 characters.

9 characters is not computationally safe and falls within the range of what is currenctly considered a short, and therefor weak, password. Twelve should be a bare minimum, and much longer is suggested. Now consider this against banks like TD Canada Trust which allow a minimum 6 and maximum of 8 characters for your online banking password, MAJOR ISSUE.

Do not run as root/admin should go without saying, but always bears repeating. Do not suggest that using an alternative user "prevents" remote hacking, but it does make it more difficulty, remember one of the key proponents of computer security is "Privilege Escalation"

Last I checked Threat Fire's internet protection solution (Based on sandbox technology) still guarantees "perfect security". I don't know if anyone recalls their hack-me challenge when they first released, but I never heard of anyone being paid out for succeeding.

Interactive Civilian wrote:

So... are programs like Malwarebytes or Avast! no longer among the top tools for beating malware on Windows?

Or is it that they are free (in their basic, good enough for a general user but worth upgrading for the power users and professional settings way)?

Malwarebytes is still excellent at what it is designed for, but the freeware version has only ever been useful as a clean-up procedure, not a preventative measure. They do have a paid version, and it seems effective, but as with all the most effective real-time protection measures, it can be cumbersome to implement. (Pop-ups, fine-tuning settings to your needs and liking etc.) Still worth using, whether preventative or re-active is better for your needs is up to you and your over-all security choices and comfort.

Finally re security and encryption in general I highly suggest reading through several of the documents on TrueCrypt.org for general information. Especially this one: http://www.truecrypt.org/docs/hidden-operating-system as it will go over several concepts about encryption, security, password strength, layers, and even the oft-downplayed obfuscation. (Which should never be seen as a security measure on its own, but is an important part of a properly layered security envelope.)

. Do not purchase any of the stuff mentioned in the article for Windows (I can't speak for anything OSX). There are one or two really strong packages out there (talk to people who know this stuff).

Please don't say things like "Talk to someone who knows this stuff". I know we're all the resident unpaid computer techs for everyone in our family and circles of friends, and I know we're all hating it. But telling a non-IT person "Ask someone who knows this stuff" is just inviting trouble. They will listen to the person with the loudest mouth and the best rhetoric abilities, not to the person with the best computer skills. Not because they're stupid, simply because it's impossible for them to tell the difference. (c.f. Clarke's third law).

So just tell us already what packages you favour so we (as, on average, IT-savvy folks here at the ars forums) can check and snap you out of your belief should you be wrong, or pat your back if you're right ;-)

This is great and useful information for all of us. Keep your computer updated, run a virus scanner, watch out for phishing, lock your laptop. This is what makes Ars great, coming here and getting really useful information that wasn't obvious 10 years ago.

As obvious as it is to most of us, I work with people every day that depend on their computers for everything yet lack these "common sense" skills.

While we like to assume that as Ars readers we know at least the basics and have a healthy curiosity about common tech matters, the fact remains that people are joining the club every day and need to be primed on the things we all learned years ago.

An ounce of prevention and all that. My policy has been the same for years. Stay updated. Don't click on shady shit. Keep a backup. Run a good lightweight antivirus (like MSE) for the stuff that falls through the cracks.

The more often trusted tech sites reiterate these standard procedures, the less sad stories we will run across in our daily lives.

That means it needs to be long and contain a few numbers or symbols. “The length is actually more important than the characters,” he added. Abrams also mentioned that choosing common sentences and Bible verses will probably get “hashed” or figured out. As a rule of thumb, you should also avoid using names, words, or anything found in book that could be easily guessed.

I have to respectfully disagree with you. While that xkcd tip was useful at one point, password crackers often look for combination of dictionary words now, making that password generation technique much less useful. Plus, you really should have a different password for each web site, and how does that technique help with that? (Not to mention, how do you deal with those unfortunate sites that limit your password length to something short?)

At this point, you really should be using a password locker program like Keepass, 1Password, or Lastpass to manage all your passwords, so why not simply use their functionality to generate really long, random passwords instead?

That means it needs to be long and contain a few numbers or symbols. “The length is actually more important than the characters,” he added. Abrams also mentioned that choosing common sentences and Bible verses will probably get “hashed” or figured out. As a rule of thumb, you should also avoid using names, words, or anything found in book that could be easily guessed.

I have to respectfully disagree with you. While that xkcd tip was useful at one point, password crackers often look for combination of dictionary words now, making that password generation technique much less useful. Plus, you really should have a different password for each web site, and how does that technique help with that? (Not to mention, how do you deal with those unfortunate sites that limit your password length to something short?)

At this point, you really should be using a password locker program like Keepass, 1Password, or Lastpass to manage all your passwords, so why not simply use their functionality to generate really long, random passwords instead?

How much is that going to really help password crackers when you can have tens of thousands of common English words and you use 3 or 4 unrelated ones? As long as you don't use the one in the comic strip, you still have a large number of combinations to check.

. Do not purchase any of the stuff mentioned in the article for Windows (I can't speak for anything OSX). There are one or two really strong packages out there (talk to people who know this stuff).

Please don't say things like "Talk to someone who knows this stuff". I know we're all the resident unpaid computer techs for everyone in our family and circles of friends, and I know we're all hating it. But telling a non-IT person "Ask someone who knows this stuff" is just inviting trouble. They will listen to the person with the loudest mouth and the best rhetoric abilities, not to the person with the best computer skills. Not because they're stupid, simply because it's impossible for them to tell the difference. (c.f. Clarke's third law).

So just tell us already what packages you favour so we (as, on average, IT-savvy folks here at the ars forums) can check and snap you out of your belief should you be wrong, or pat your back if you're right ;-)

Cheers.

Sorry for making anyone's life more miserable (honestly). I am not an IT person and know there are many, many people on this site who are far more knowledgeable than me about this stuff (see the correction of my reference to "at least 9 characters", though I did say more was preferable; it was based on an article on this site and is incorrect I guess). My comments were aimed at the many people visiting here who are less comp. savy, like me. There are a lot of us. I listened to someone who "knew something" several years ago (a CompSci. grad student) and improved my system's security tremendously. I don't think that I'm necessarily using the very best third party security, but it does sandbox the browser and run a virtual system to test downloads for "bad behavior". Coupled with the permission system under Win7 (in my case) it has been, as far as I can tell, airtight(ish). Nothing's perfect, correct? So I follow every other good rule I see on sites like this. I was just trying to summarize the first ones that came to mind for the folks who are like the user I was a few years ago. I won't give the name of my security out because I don't wish to be flamed to death here. Just trying to give decent, not very technical, advice to nontech users.I figured that if they spoke to someone they knew they'd be more likely to get advice they could trust. I didn't think of the chance their contact would be a dumbass (though I guess I should've). I generally consider the background and experience of the source, which is why I listened to the guy I did.I will say that I've known someone using Win7, with MSE running, who has found his system broken by some malware, which may have come from old files he imported from his previous OS/computer. I'm probably going to have to help him get his system working properly again and teach him how to prevent another breakdown. I agree, it sucks, but he's my brother so I'll just do it and recommend good 3rd party protection (and behaviors) to prevent another mishap. We'll see if he listens.

Edit: Also, almost everyone I know who's had their system broken was running free security software, often stuff provided by their ISP. Hence my considerable mistrust. I think you get what you pay for. Good purchasable solutions also seem to configure programs according to many of the expert rules I've seen.

My favourite tips for secure passwords are to use a password manager like 1Password; I've got easily two hundred sites that I've had to sign up to at one time or another, so coming up with a unique password for each one would have been an impossibility, meanwhile 1Password lets you just generate something that no-one can possibly guess.

Of course that requires using really secure passwords for items that do require them, such as logging into your computer and unlocking 1Password; basically anything that you need to know the password for because otherwise you can't use it. 1Password (and presumably other such programs) is able to store its keychain with a portable web-format so it's easy enough to sync a copy to a USB stick that you can carry around anywhere you might need access to your e-mail for example.

For those passwords you absolutely need to be able to remember the first thing to do is get away from the idea of a password; longer is always better so you're better off with a phrase or even a sentence. I use fairly long sentences that are personal enough to me that a portion of the words shouldn't be part of a dictionary, and with a simple, easy to remember substitution of letters for numbers, and when to use spaces. So the sentence is built up of some words that have no spaces between them, while others have it, some are capitalised, some are not, some use numbers instead of letters and so-on. Even though password breaking tools can guess a lot of these kind of things eventually, it can still be slow, and the longer your password the more combinations of guessing a word, guessing capitalisation, guessing spacing, and guessing substitution is required in order to assemble your entire password. Good things to include are unusual names that have some significance to you, even it's a weird name from something on TV, or a silly nickname, or even better some kind of local slang words that are unlikely to be in a dictionary.

Lastly, for password reminders it's important that it be a reminder and not something that spells out your password. Once you've used a password enough it should stick in your memory somewhere, the key thing is to jog your memory of what the sentence is, and how it was formed. If you absolutely have to write down the password then keep the written note somewhere where no-one should be able to find it; the worst thing to do is write it down and leave it next to your computer or in a drawer in your desk! You may need to keep it to hand initially till you remember it, but once it's starting to stick the note is only there to remind you, so keep it safe! The worst thing that could happen is if someone physically steals your computer and you've left them the password to it!

I'm personally unwilling to put my passwords for banking sites, computer security or anything really critical in a password manager. For websites that are noncritical, sure. Just my basic paranoia. I prefer to memorize them in the way suggested above. I only have about 4 that I consider that critical, however.

I think it would be interesting to see a poll about compromised passwords. Maybe something like this:

Have you ever faced consequences from a compromised password?- Yes, I got locked out of an account / my data was stolen / my server was vandalized / I lost money- Yes, I noticed suspicious activity, but was able to clear up the situation before damage was done- No, I have always been able to change my passwords before any problems arose whenever I suspected (or was notified) there might be a problem- No, I change my passwords so often that there's never a chance to compromise them- No, and I haven't even bothered to change my passwords

I've been one to keep a few easy-for-me-to-remember patterns (which I have never divulged to anyone) for making passwords of a few various lengths that I can recall easily, and I fall very firmly into the first "no" category. Maybe it's just a matter of time, but over 20 years of using the internet, I have yet to have a real problem. *knock on wood*

Florence Ion / Florence was a former Reviews Editor at Ars, with a focus on Android, gadgets, and essential gear. She received a degree in journalism from San Francisco State University and lives in the Bay Area.